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RESULTS OF SECURITY INSPECTIONS AT THE 
DEPARTMENT OF ENERGY’S LAWRENCE 
LIVERMORE NATIONAL LABORATORY 


TUESDAY, JULY 20, 1999 

House of Representatives, 

Committee on Commerce, 
Subcommittee on Oversight and Investigations, 

Washington, DC. 

The subcommittee met, pursuant to notice, at 10 a.m., in room 
2322, Rayburn House Office Building, Hon. Fred Upton (chairman) 
presiding. 

Members present: Representatives Upton, Burr, Bilbray, Ganske, 
Blunt, Bryant, Klink, Stupak, Green, McCarthy, Strickland, and 
DeGette. 

Also present: Representatives Norwood and Shimkus. 

Staff present: Tom DiLenge, majority counsel; and Reid Stuntz, 
minority staff director and chief counsel. 

Mr. Upton. Good morning, everyone. The subcommittee will 
come to order. 

The subcommittee is meeting this morning to hold a hearing on 
the results of recent security inspections at the DOE’s Lawrence 
Livermore lab. After members and witnesses have been recognized 
for opening statements, the Chair will make a motion to hold the 
remainder of the hearing in executive session. The Chair will recog- 
nize himself for an opening statement. 

This hearing is a continuation of a classified briefing held for 
members 3 weeks ago on the results of a recent DOE inspection of 
security at Lawrence Livermore. While that briefing certainly was 
illuminating, the ability of members and staff to question the wit- 
nesses, many of whom are here again today, was limited by the De- 
partment’s decision to withhold the inspection report and related 
documents from the committee prior to that briefing. 

Now that we do have the necessary materials and have had a 
chance to review the inspection report in detail, we have called to- 
day’s hearing to dig deeper into some of the issues raised by this 
recent inspection. While much of what we discuss today will be 
classified and thus discussed behind closed doors, some of what we 
have learned so far is unclassified and can be and should be dis- 
cussed publicly. In particular, those issues that bear on the seem- 
ing inability of the lab and Department to conduct effective secu- 
rity management and oversight, to provide accurate information 
about the state of security to policymakers in the Department, the 
White House and certainly in the Congress, and to take prompt 
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and effective corrective actions with respect to identified 
vulnerabilities. 

For example, there are numerous references in the recent inspec- 
tion report to past findings of a similar serious and recurring na- 
ture, findings that went uncorrected for years. In other cases, the 
lab and Department field offices failed during their own security 
reviews to identify serious issues found by the recent independent 
inspection team and apparently did not even evaluate some signifi- 
cant areas of potential security concern. 

In still other cases, the lab and field office security assessments 
did reveal vulnerabilities similar to those identified by the outside 
inspectors, but either corrective action was not taken or the pro- 
gram officials determined that the risk was somehow acceptable; 
that is, until the independent inspectors recently put this un- 
wanted spotlight on these issues. Despite the recurrence of unre- 
solved deficiencies year after year, we have found that Livermore 
has never been financially penalized for these significant security 
problems by the Department in its annual performance evalua- 
tions, at least not in recent memory. 

But even if Livermore had been given unsatisfactory security rat- 
ings by its Department managers, security measures impact only 
a very small portion of the financial performance fees that the lab 
can receive under the current contract. I believe that without a 
closer link between security performance and financial perform- 
ance, lasting change at Livermore and elsewhere in the DOE com- 
plex will continue to prove elusive. 

Finally, we have also learned from this recent Livermore inspec- 
tion that we cannot always believe what we hear about the status 
of security reforms at the Department. In particular, the lab direc- 
tors and Secretary Richardson announced with much fanfare back 
in March a 9-point plan to undertake ambitious computer security 
upgrades on an even more ambitious timetable, reaching signifi- 
cant milestones within 30 days. And we were told in mid-April that 
those milestones were reached or would be reached within those 30 
days, permitting these computer systems to be brought back on line 
with enhanced security. 

Yet now we find that not only did Livermore fail to reach some 
important milestones as claimed, but that the lab thought it didn’t 
really need to do what it had promised to do. And we found out 
as well that some of what the lab directors and Secretary Richard- 
son promised would be done simply is not technologically feasible 
at this time and certainly not within the 30 days, which causes us 
all to worry that either they do not know what they are talking 
about, or they are more interested in the sound of the message 
than the reality of computer security. 

I hope to explore these and related topics in detail after we move 
into closed session. But I want to let the American people know 
that this committee will continue to press the Department and its 
labs, including Livermore, to make the necessary changes to im- 
prove their security. And we will continue to dig behind the rhet- 
oric to unmask the reality so that policymakers in both the execu- 
tive and legislative branches have accurate information upon which 
to make reasoned policy judgments in this area. 
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I thank our witnesses for appearing before this committee today, 
and I will recognize the ranking member, Mr. Klink. 

[The prepared statement of Hon. Fred Upton follows:] 

Prepared Statement of Hon. Fred Upton, Chairman, Subcommittee on 
Oversight and Investigations 

Today’s hearing is the continuation of a classified briefing held for Members three 
weeks ago on the results of a recent internal Department of Energy inspection of 
security at Lawrence Livermore National Laboratory. While that briefing certainly 
was illuminating, the ability of Members and staff to question the witnesses — many 
of whom are here again today — was limited by the Department’s decision to with- 
hold the inspection report and related documents from the Committee prior to that 
briefing. Now that we finally have received the necessary materials and have had 
a chance to review the inspection report in detail, we have called today’s hearing 
to dig deeper into some of the issues raised by this recent inspection. 

While much of what we discuss today will be classified and thus discussed behind 
closed doors, some of what we have learned so far is unclassified and can and should 
be discussed publicly — in particular, those issues that bear on the seeming inability 
of the lab and the Department to conduct effective security management and over- 
sight, to provide accurate information about the state of security to policy makers 
in the Department, the White House, and in Congress, and to take prompt and ef- 
fective correction actions with respect to identified vulnerabilities. 

For example, there are numerous references in the recent inspection report to 
past findings of a similar, serious, and recurring nature — findings that went uncor- 
rected for years. In other cases, the lab and Department field offices failed, during 
their own security reviews, to identify serious issues found by the recent inde- 
pendent inspection team, and apparently did not even evaluate some significant 
areas of potential security concern. In still other cases, the lab and field office secu- 
rity assessments did reveal vulnerabilities similar to those identified by the outside 
inspectors, but either corrective action was not taken or the program officials deter- 
mined that the risk was somehow acceptable — that is, until the independent inspec- 
tors recently put this unwanted spotlight on these issues. 

And, despite the recurrence of unresolved deficiencies year after year, we’ve 
learned that Livermore has never been financially penalized for these significant se- 
curity problems by the Department in its annual contract performance evalua- 
tions — at least not in recent memory. But even if Livermore had been given unsatis- 
factory security ratings by its Department managers, security measures impact only 
a very small portion of the financial performance fees that the lab can receive under 
the current contract. I believe that, without a closer link between security perform- 
ance and financial performance, lasting change at Livermore and elsewhere in the 
D-O-E complex will continue to prove elusive. 

Finally, we’ve also learned from this recent Livermore inspection that we can’t al- 
ways believe what we hear about the status of security reforms at the Department. 
In particular, the lab directors and Secretary Richardson announced with much fan- 
fare back in March a Nine Point Plan to undertake ambitious computer security up- 
grades on an even more ambitious timetable — reaching significant milestones within 
only 30 days. And we were told in mid-April that those milestones had in fact been 
reached or would be reached within those 30 days, permitting these computer sys- 
tems to be brought back on-line with enhanced security. 

Yet now we find out that not only did Livermore fail to reach some important 
milestones as claimed, but that the lab thought it didn’t really need to do exactly 
what it had promised to do. And we find out, as well, that some of what the lab 
directors and Secretary Richardson promised would be done simply is not techno- 
logically feasible at this time or certainly not doable within 30 days — which causes 
me to worry that either they don’t know what they are talking about, or they are 
more interested in the sound of the message than the reality of computer security. 

I hope to explore these and related topics in detail, after we move into the closed 
session. But I want to let the American people know that this Committee will con- 
tinue to press the Department and its labs, including Livermore, to make the nec- 
essary changes to improve their security. And we will continue to dig behind the 
rhetoric to unmask the reality, so that policy makers in both the executive and leg- 
islative branches have accurate information upon which to make reasoned policy 
judgments in this area. 

I thank our witnesses for appearing before this Subcommittee today, and I will 
now recognize Ranking Member Klink, for an opening statement. 
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Mr. Klink. Thank you, Mr. Chairman for holding this follow-up 
hearing. This committee was responsible for the establishment of 
the Office of Security Evaluation back in the late 1980’s because 
of previous security crises at the Nation’s weapons facility. Yet the 
Congress and the country has been rocked again by allegations 
that year of espionage and poor security of all types at the Nation’s 
weapons laboratories. Both the Rudman report and internal reports 
from the Department of Energy have made it clear that security di- 
rectives, even when issued by the President of the United States, 
were ignored and even flaunted by the laboratories and their sci- 
entists. 

Senator Rudman spoke eloquently of the arrogant culture of the 
laboratories but, inexplicably, he didn’t think that the contractors 
who run the facilities were responsible for security, although their 
contracts specifically do give them those jobs. All we have to do is 
look at Dr. Tartar’s testimony today to find out who is in charge. 
Dr. Tarter magnanimously states that he is committed to DOE, 
that he will fund and implement the Secretary’s 9-point informa- 
tion security action plan. Until reading his testimony, I didn’t know 
Dr. Tarter had that choice. 

One of the key questions I hope that we can answer today, and 
I want to ask him, is whether Lawrence Livermore’s contract gives 
the University of California the responsibility and the budget for 
providing security for the Nation’s weapons secrets, and if he has 
ever been hindered by the Department from carrying out those re- 
sponsibilities. Then I want to ask if he considers that this is an op- 
tional responsibility, depending on whether or not he would like to 
carry it out. 

Surprisingly, the response in Congress to these new allegations 
has been to propose legislation to give the laboratories, the field of- 
fices that directly supervise them, and the Defense Programs oper- 
ation more independence and lack of oversight than ever before. 
The Assistant Secretary for Defense Programs, who was finally 
asked to resign a few weeks ago, last week came before another 
House committee and said these problems were everyone’s fault, 
but mostly they were not his. He was praised for his fine work. 
This is the same person who, according to testimony in the Senate 
by Notra Trulock earlier this yean, stopped Mr. Trulock in 1997 
from briefing former Secretary Pena about alleged spying at Los 
Alamos because it might have a negative effect on his budget re- 
quest. 

Nothing we have heard in our recent hearings gives any indica- 
tion that these changes will have the desired long-term effect in se- 
curity, safety, or in any other areas. Last week in the committee’s 
hearing on the reorganization of the Department being proposed by 
various congressional committees, a variety of experts stated that 
these reorganizations would very possibly make the accountability 
situation worse than it is now. This can only have a negative effect 
on security efforts. 

Two weeks before that, we held a hearing on radiation safety en- 
forcement security at DOE weapons facilities, at which Lawrence 
Livermore Laboratory was prominently featured because of the as- 
sessment of the largest fine in history of the Department for safety 
violations. And, again, there was great frustration expressed by the 
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Department’s enforcement staff because of the recalcitrant attitude 
of the laboratory and the failure of the field offices to force change. 

The historically poor state of security at Lawrence Livermore’s 
laboratory is more than evident from the lab director’s testimony 
today of all the steps he is now taking to improve security. I must 
ask why these actions were not taken years ago. I look forward to 
obtaining a clear statement from Lawrence Livermore and the Uni- 
versity of California of their responsibility for maintaining ade- 
quate security. Then perhaps the next time this happens, perhaps 
the Congress will not fool itself about where the blame should lie. 

With that, Mr. Chairman, I yield back my time. 

Mr. Upton. Are there other members seeking to give an opening 
statement? 

Mr. Burr. Mr. Chairman, just a brief one. I thank the chairman 
and I thank our witnesses for returning and for the addition of 
other ones. Let me suggest to you today that as we have looked at 
this, three things have popped up: culture, contractors and compla- 
cency, and I think those are the three areas that we need to deal 
with. 

Culture, something that was not a factor over the last 12 months 
but possibly 12 or 20 years, the culture that has to be changed, and 
that in fact the inspectors have recognized and highlighted as one 
of the challenges that they have. 

Contractors. From a standpoint that these in many cases are 
projects that have never been bid, we have to look at the relation- 
ship of the contract. We have to look at certain areas of the con- 
tract. One very glaring thing in your public statement, Mr. Tarter, 
is that you refer to the marginal rating in materials and control 
and accountability as in the Annual Report to the President. Yet 
the report to the President under materials control and account- 
ability is unsatisfactory. Marginal and unsatisfactory are com- 
pletely different, by definition, but I think this gets at the heart of 
the cultural and the complacency problem, that we read them as 
in fact the same. Complacency not only by contractors, but DOE, 
about a sense of urgency of addressing things that deal with na- 
tional security, deal with security of any corporation about secrets 
or about sensitive material that they have. 

I am hopeful that as we move through this, Mr. Chairman, that 
in a bipartisan way we can work with inspectors to make sure that 
we have an accurate way to gauge in the future not only our 
progress but our success at maintaining the safeguards and securi- 
ties that are needed. 

I thank the chairman for the time and I yield back. 

Mr. Upton. Mr. Stupak. 

Mr. Stupak. Thank you, Mr. Chairman. I will be brief. Mr. 
Chairman, we have had a number of hearings on this whole situa- 
tion, and I think back to the April 20 hearing in which we talked 
about the real fundamental problem is the lack of accountability; 
that when things happen we, the U.S. Government, are not holding 
people accountable. And I think that if we would do that, then 
these things would not recur with such frequency. 

Let me go back to what we have learned. We have had these con- 
cerns brought up in 1976, 1982, 1988, 1992, 1997, and now 1998 
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and 1999. And we always get assurances things will be different, 
but they never are. They never are. 

From the chairman’s comments to Ranking Member Klink, to ev- 
erybody here, they are frustrated and really not quite sure what we 
should do. So I think we should go back to our fundamental prob- 
lem here, which is lack of responsibility and accountability. 

So why we ever approved another 5-year extension for Livermore 
Lab is beyond me. I think we should start with accountability and 
responsibility and pull that contract today. Maybe then — maybe 
then people will understand we are serious about this. I am not 
trying to pile on anyone, but I am just as frustrated as anybody 
up here, and if we are really going to have accountability and re- 
sponsibility, then let us begin by pulling that contract. 

I yield back my time, Mr. Chairman. 

Mr. Upton. Other members? Mr. Shimkus. 

Mr. Shimkus. Thank you, Mr. Chairman. I just want to follow up 
on my colleague from Michigan’s point. I believe that the only way 
you can change the corporate culture is you remove the people who 
are established in the culture of whatever, the corporation, and we 
just don’t do that. And some are the rules that we have put in 
place protecting employees or contractors. 

I would like to see swift change in that and I agree with my col- 
league from Michigan that we ought to — this is something we 
ought to micromanage for a while through yearly contracts, and I 
am willing to be involved in that. We have had enough, and I think 
the displeasure of Congress is going to be felt. I yield back the bal- 
ance of my time. 

Mr. Upton. Other members? 

[Additional statements submitted for the record follow:] 

Prepared Statement of Hon. Tom Bliley, Chairman, Committee on Commerce 

Thank you, Mr. Chairman. Today’s hearing is the continuation of what I promised 
back in March. At that time, I promised that, in light of the breaking reports about 
lax security at our nuclear weapon labs, this Committee would take a long, hard 
look at security at each of the major Department of Energy nuclear facilities, whose 
general management falls within this Committee’s primary jurisdiction. 

But well before this recent security scandal, I directed Committee staff to work 
with the General Accounting Office to re-evaluate the status of security at these fa- 
cilities. I did so because of the Department’s poor history in implementing lasting 
reforms — the last wave of which occurred in the early 1990s under then-Secretary 
Watkins. That G-A-0 review is still underway, and today’s hearing will complement 
that work by providing very timely information about one particular and trouble- 
some lab — Lawrence Livermore National Laboratory in California. 

Let me state at the outset that Livermore is not being singled out by this Com- 
mittee for criticism. Nor do I believe it is the worst offender. But Livermore was 
the first of the major labs to receive an internal security inspection following the 
Department’s claims of major security reforms. Despite all of the high-profile atten- 
tion that this topic has received at Livermore and across the D-O-E complex since 
earlier this year, Livermore simply did not hold up well under this latest scrutiny. 
While we cannot discuss the specifics of the report’s findings in this open session, 
I can say that some of them are simply stunning — and have left me scratching my 
head, wondering how on earth things like this could have been happening for so 
long at a nuclear weapons lab without someone standing up and saying “this must 
stop.” 

Well, let me say that this, indeed, must stop. It is clear to me that, without ag- 
gressive and sustained internal and external oversight, Livermore will never fully 
correct these deficiencies, and I hope that this Committee’s efforts to shine a spot- 
light on Livermore’s troubles will assist those within the lab and the Department 
who truly want to achieve reform rather than just talk about it. 



7 


I understand that the Department’s internal inspection team is currently review- 
ing Sandia National Laboratory and plans to inspect Los Alamos in the near future 
as well. I expect that we will hold similar hearings on the findings of those inspec- 
tions, too. I hope that the Committee will not have to be prevented from gaining 
timely information about those inspections as it was with respect to the Livermore 
report. It troubles me that the Department forced excessive delays and my issuance 
of subpoenas to secure important materials for today’s hearing. 

This Committee has the absolute right to gain real-time and candid information 
about security at the Department’s facilities. I am not interested in DOE white- 
washing, defensive posturing, or the Administration’s “all is now well” spin. And I 
intend to continue to take whatever steps are necessary to secure security informa- 
tion in a timely fashion. If the Secretary needs to rearrange his schedule to keep 
one step ahead of this Committee’s work, that’s fine with me — I don’t know what 
other issue could be more important to him right now anyway. But I certainly won’t 
let the Department continue to delay our review of this matter, which is of pressing 
concern to our Nation’s security and to the American public. 

Thank you, Mr. Chairman, for your continuing focus on this matter. 

Mr. Upton. Okay. If not, if there are no further opening state- 
ments, the Chair will recognize our witnesses: Dr. Gil Weigand, 
Deputy Assistant Secretary for Strategic Computing and Simula- 
tion at the Department of Energy; Mr. Glenn Podonsky, Deputy As- 
sistant Secretary for Oversight, Office of Environment, Safety and 
Health at Department of Energy; Dr. James Turner, Manager of 
the Oakland Operations Office at the Department of Energy; and 
Dr. Bruce Tarter, Director of Lawrence Livermore National Lab. 

I think all of you are aware that this subcommittee is an inves- 
tigative subcommittee and, as such, we have always had the long- 
term practice of taking testimony under oath. Do any of you have 
objection to doing that? 

We also advise you that each of you, under the Rules of the 
House, you are entitled to be advised by counsel. Do any of you 
have desire to be advised by counsel? 

If not, in that case if you would stand and raise your right hand, 
and also, I guess, include the folks that may be testifying with you 
later on. 

[Witnesses sworn.] 

Mr. Upton. You are now under oath and you are now allowed 
to give, hopefully, a 5-minute summary of your written statement 
and we will start with Mr. Podonsky. Welcome back. 

TESTIMONY OF GLENN S. PODONSKY, DEPUTY ASSISTANT 
SECRETARY FOR OVERSIGHT, OFFICE OF ENVIRONMENT, 
SAFETY AND HEALTH, DEPARTMENT OF ENERGY; C. BRUCE 
TARTER, DIRECTOR, LAWRENCE LIVERMORE NATIONAL 
LABORATORY; ACCOMPANIED BY: MARTIN DOMAGALA, 
RICHARD MORTENSEN, JIM HIRAHARA, DENNIS FISHER, 
DON WENTZ, BILL HENSLEY, JOHN JONES, AND BARBARA 
STONE; GIL WEIGAND, DEPUTY ASSISTANT SECRETARY, 
STRATEGIC COMPUTING AND SIMULATION, DEPARTMENT 
OF ENERGY; AND JAMES TURNER, MANAGER, OAKLAND OP- 
ERATIONS OFFICE, DEPARTMENT OF ENERGY 

Mr. Podonsky. Thank you, Mr. Chairman. I appreciate the op- 
portunity to again appear before the committee to discuss the Of- 
fice of Independent Oversight and Inspection of the Lawrence 
Livermore National Laboratory. Just for clarification, I am now the 
director of the newly created Office of Independent Oversight and 
Performance. 
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As you know, we provided a classified briefing to members of this 
committee on July 1 on the results of our May 1999 inspection of 
safeguards and security programs at the Lawrence Livermore Na- 
tional Laboratory. At the briefing, we also provided copies of the 
classified inspection report. 

At this time, I would also like to introduce Ms. Barbara Stone 
who is sitting behind me, who is the Director of the Office of Secu- 
rity Evaluations. Ms. Stone was unable to appear at the July 1 
briefing as she was away on a much needed vacation. At that brief- 
ing we had Mr. John Hyndman, who is now engaged in the inspec- 
tion of Sandia National Laboratory where Ms. Stone and I will be 
proceeding immediately following this hearing. 

For the benefit of those who were unable to attend the July 1 
briefing, I would like to provide some background on who we are. 
My office is responsible for providing the Secretary an independent, 
impartial view of the effectiveness and safeguards of security, 
cybersecurity and emergency management policies and programs 
throughout the Department of Energy. The Office of Security Eval- 
uations which performed the inspection at Lawrence Livermore Na- 
tional Laboratory is one of the three offices that report to me. 

As you may recall, the Office of Security Evaluations was origi- 
nally established in 1984 to provide the Energy Department an 
independent assessment on the effectiveness of safeguards and se- 
curity policies and programs throughout the Department. Con- 
gressman Dingell and Congressman Bliley were instrumental in 
the formation of that office. 

As part of Secretary Richardson’s recent effort to strengthen 
independent oversight of safeguards and security, the Office of 
Independent Oversight and Performance has now been elevated to 
report directly to him. 

Now, I would like to take a minute to provide an unclassified 
summary of the May Livermore inspection. Our overall conclusion 
was that improvements were being made at Livermore but signifi- 
cant weaknesses remained to be addressed. For example, we saw 
improvements in the intrusion detection systems and significant 
progress to improve classified information on computer systems. 
However, we identified weaknesses that warrant continued atten- 
tion in a number of areas. One of the weaknesses involved inad- 
equate vulnerability assessments of the Superblock which is the 
area at Livermore where special nuclear material is used and 
stored. We also noted weaknesses in some aspects of Livermore’s 
ability to accurately measure some types of nuclear materials. 
Other weaknesses were evident in Livermore’s programs for pro- 
tecting classified and sensitive information. 

We identified weaknesses in their methods for storage of classi- 
fied parts and some of the control of access areas containing classi- 
fied matter. We were also concerned about foreign nationals being 
able to access Livermore unclassified computers through dial-up ac- 
cess. We noted that some aspects of the 9-point security plan for 
cybersecurity, which is a plan for improving classified information, 
required some work. Let me emphasize that these weaknesses war- 
rant significant attention and require prompt action; however, as 
I told this committee during the briefing on July 1, we believe that 
the responsible line managers which are here today from the Office 



9 


of Defense Programs, the Oakland Operations Office, and Liver- 
more National Laboratory, are taking the inspection report seri- 
ously now. 

Although the formal inspection ended in May, the Office of Inde- 
pendent Oversight has continued to follow up on the progress to 
address identified deficiencies. We have been in frequent contact 
with the responsible DOE and Livermore managers since the in- 
spection ended. Our follow-up efforts indicated that corrective ac- 
tions are underway. For example, at the time of our July 1 briefing 
to this committee and as part of our follow-up, my office sent our 
inspectors back to Livermore to review progress at Superblock in 
the areas of modeling and testing, which is needed to verify the ef- 
fectiveness of the protective strategy and response plan at Liver- 
more. 

Since the May 1999 inspection, Livermore has developed and is 
implementing a program of testing and modeling that is appro- 
priate for verifying the effectiveness of protective force response. 
Livermore has also placed additional protective force personnel in 
the Superblock to improve response capability under the new pro- 
tective strategy as defined. The Office of Oversight will continue to 
conduct follow-up visits and perform independent testing to verify 
the effectiveness of Livermore’s corrective actions. 

In summary, I would like to say that the deficiencies at Liver- 
more appear to be receding with a high level of management atten- 
tion now. It is clear throughout the DOE management chain that 
the efforts to improve safeguards and security have the personal 
attention and support of Secretary Richardson. While not dimin- 
ishing the significance of the deficiencies identified by my inspec- 
tors, our follow-up efforts indicate that corrective actions are being 
taken to address the vulnerabilities that we have identified. 

As I previously stated on July 1, this has not always been the 
case in our experience at the Department of Energy. We have seen 
countless reports, including many of ours, where plans and correc- 
tive actions were made with little effect. But we believe Secretary 
Richardson has made and continues to make a significant dif- 
ference. He is a Secretary who is completely engaged. This is why 
we are confident that corrective actions will now be taken. 

However, I assure you that the Office of Independent Oversight 
will continue to follow up and make certain that these corrective 
actions are effective. And as I stated in the July 1 briefing, we will 
trust but we will continue to verify. Thank you, Mr. Chairman. 

[The prepared statement of Glenn S. Podonsky follows:] 

Prepared Statement of Glenn S. Podonsky, Office of Office of Independent 
Oversight and Performance Assurance, Department of Energy 

Thank you Mr. Chairman. I appreciate the opportunity to again appear before 
this committee to discuss the recent Office of Independent Oversight inspection of 
the Lawrence Livermore National Laboratory. 

I am the Director of the newly created Office of Independent Oversight and Per- 
formance Assurance. As you know, we provided a classified briefing to members of 
this committee on July 1st on the results of our May 1999 inspection of safeguards 
and security programs at the Livermore National Laboratory. At that briefing, we 
provided copies of the inspection report to the Committee. 

At this time, I would like to introduce Ms. Barbara Stone, Director of the Office 
of Security Evaluations. Ms. Stone was unable to attend the July 1st briefing as she 
was away on a much-needed vacation. At that briefing, Mr. John Hyndman provided 
some details on the Livermore inspection results. Mr. Hyndman is now engaged in 
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an inspection of Sandia National Laboratories as part of our ongoing effort to review 
all three of the major weapons laboratories. 

For the benefit of those who were unable to attend the July 1st briefing, I would 
like to provide some background on who we are. My office is responsible for pro- 
viding the Secretary an independent, impartial view of the effectiveness of Safe- 
guards and Security, Cyber Security, and Emergency Management policies and pro- 
grams throughout the Department of Energy. The Office of Security Evaluations 
performed the inspection of the Livermore Laboratory. It is one of three offices that 
report to me. As you may recall, the Office of Security Evaluations was originally 
established in 1984 to provide the Energy Department an independent assessment 
of the effectiveness of Safeguards and Security policies and programs throughout 
the Department. Congressman Dingell and Congressman Bliley were instrumental 
in the formation of this office. As part of Secretary Richardson’s recent efforts to 
strengthen independent oversight of safeguards and security, the Office of Inde- 
pendent Oversight and Performance Assurance has been elevated to report directly 
to the Secretary. 

Now, I will take just a minute to provide an unclassified summary of the results 
of the May Livermore inspection. Our overall conclusion was that improvements 
were being made at Livermore, but that significant weaknesses remain to be ad- 
dressed. For example, we saw improvements in the intrusion detection systems and 
significant progress to improve the security of classified information on computer 
systems. However, we identified weaknesses that warrant continuous attention in 
a number of areas. One of the weaknesses involved inadequate vulnerability assess- 
ments of the Superblock, which is the area at Livermore where special nuclear ma- 
terial is used and stored. We also noted weaknesses in some aspects of Livermore’s 
ability to accurately measure some types of nuclear materials. Other weaknesses 
were evident in Livermore’s programs for protecting classified and sensitive infor- 
mation. We identified weaknesses in the methods for storage of classified parts and 
in some of the controls on access to areas containing classified matter. We were also 
concerned about foreign nationals being able to access Livermore’s unclassified com- 
puters through dial up access. We noted that some aspects of the “nine-point” plan, 
which is a DOE plan for improving security of classified information, required work. 

Let me emphasize that these weaknesses warrant significant attention and re- 
quire prompt action. However, as I told you during the briefing on July 1st, we be- 
lieve that the responsible line managers, which include the Office of Defense Pro- 
grams, the Oakland Operations Office, and, and the Lawrence Livermore National 
Laboratory contractor management team, are taking the inspection report seriously. 

Although the formal inspection ended in May, the Office of Independent Oversight 
has continued to follow-up on the progress to address identified deficiencies. We 
have been in frequent contact with the responsible DOE and Livermore managers 
since the inspection ended. Our follow-up efforts indicate that corrective actions are 
underway. For example, at the time of our July 1st briefing to this committee, and 
as part of our follow-up efforts, my office sent our inspectors back to Livermore to 
review progress at the Superblock in the areas of modeling and testing, which is 
needed to verify the effectiveness of the protection strategy and response plan at 
Livermore. Since the May 1999 inspection, Livermore has developed and is imple- 
menting a program of testing and modeling that is appropriate for verifying the ef- 
fectiveness of the protective force response. Livermore also has placed additional 
protective force personnel in the Superblock to improve response capability until the 
new protection strategy is determined. 

The Office of Independent Oversight will continue to conduct follow-up visits and 
perform independent testing to verify the effectiveness of Livermore’s corrective ac- 
tions. 

In closing, I would like to say that the deficiencies at Livermore appear to be re- 
ceiving a high level of management attention. It is clear throughout the DOE man- 
agement chain that the efforts to improve safeguards and security have the personal 
attention and support of Secretary Richardson. While not diminishing the signifi- 
cance of the deficiencies identified in our report, our follow-up efforts indicate that 
corrective actions are being taken on the vulnerabilities we have identified. As I 
have previously stated, this has not always been the case in our experiences with 
the Department. We have seen countless reports, including many of ours, where 
commitment, plans, and corrective actions were made with little results. But, we be- 
lieve Secretary Richardson has made, and continues to make, a significant dif- 
ference. He is a Secretary who is completely engaged. This is why we have con- 
fidence that corrective actions will be taken. However, I assure you that the Office 
of Independent Oversight will continue to follow-up to make certain that the correc- 
tive actions are effective. As I indicted at the July 1st briefing, we will trust, but 
we will verify. 
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Thank you again Mr. Chairman, we are now ready for your questions. 

Mr. Upton. Dr. Tarter — by the way, Mr. Podonsky, we did want 
to receive copies of your testimony in advance. Would it be possible 
maybe for one of our clerks to get a copy of your opening remarks 
there, and we will make copies for members here in time for the 
questions. Could someone maybe do that for me? 

TESTIMONY OF C. BRUCE TARTER 

Mr. Tarter. Thank you, Mr. Chairman. Let me begin with a 
brief statement which is, I think, part of the opening page in my 
testimony. But, as I think all of you know, we are a national secu- 
rity laboratory. Nearly all of the work of the laboratory is focused 
on national security. And my particular highest responsibility each 
year is to certify certainly to the President of the United States 
that the United States stockpile of nuclear weapons is safe and re- 
liable. That is the focus of the laboratory. And obviously being able 
to carry out operations in a safe and secure manner is an essential 
ingredient in making that annual certification to the President 
which we have now been able to make — this year will be the fourth 
year we have formally made that recommendation on the weapons 
in our stockpile. 

To do that, we have three kinds of security at the laboratory. 
There is physical security, there is cybersecurity, and there is es- 
sentially what I would call personnel security. And I think the OSE 
evaluation focused primarily on physical security and 
cybersecurity, and I will make a comment or two about those, and 
then I will also make an additional comment about personnel secu- 
rity, which I think is equally important but is not the specific sub- 
ject of the OSE evaluation. 

In physical security, I think the area which Mr. Podonsky has 
mentioned of greatest concern, and I think to some degree of great- 
est difficulty, is that involving the guarding of special nuclear ma- 
terials. And I think in all of these areas in physical security and 
cybersecurity as well as the personnel security, three factors come 
into play. One, the threat changes. The threat evolves. And I think 
one of the major features of the annual OSE evaluation is not to 
review the same set of issues each year, but to engage the threat 
as it’s evolving and also technology as it’s evolving in order to meet 
that threat. 

In the area of physical security, I think, as Mr. Podonsky indi- 
cated, that we are focused very well on a plan involving a higher 
level of technology to provide the assurances and simulations to 
guarantee the safety of the special nuclear materials. And I think 
that plan — he described it both in your previous hearing, and we 
are in an iterative process with the Department to assure that we 
will reach closure on that in the near future. 

In the area of cybersecurity — and I have testified to this in sev- 
eral other hearings in the past months — I think it is a complicated 
area for the U.S. Government. And I think Dr. Weigand may in his 
own testimony — Dr. Weigand is a particular expert in this area — 
make additional comments. This is not a simple thing, whether you 
are the Bank of America, a national security laboratory, or perhaps 
even Congress. 
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Technology is evolving very rapidly, and I think this is a complex 
area. 

I believe you, Mr. Klink, asked about our commitment. My com- 
mitment in the area of cybersecurity goes beyond that needed to 
simply satisfy the OSE evaluation. I think because of the high reli- 
ance on cyberwork in our programmatic work, as well as its high 
vulnerability as part of intrinsic security, I am committed to not 
just passing the bar, but passing it with a significant gap. I think 
we have to do much better and I think we have begun to be en- 
gaged with the other pieces of the U.S. Government, the National 
Security Administration, the Department of Defense and other 
areas to try to make the best technology fit into cybersecurity. 

Let me remind the committee of one issue which has been 
brought out in the evaluations, but just again to reemphasize — at 
Livermore, as is true at other national security laboratories, there 
are two kinds of computers and computer networks. There is a 
classified computer network in which almost all of the national se- 
curity work is done, the design of bombs, the assessment of nuclear 
intelligence from other countries, all of those issues. And that com- 
puter system has no electronic links to any of the unclassified com- 
puter systems. It can’t get there. There is an air gap as big as be- 
tween your desk and mine. There is no way to transmit informa- 
tion between those two systems. 

In the area of cybersecurity we have, I think on our own but also 
as a result of the Secretary’s strong emphasis in this area, rein- 
forced the security of the classified network and all of the classified 
computing. 

In addition, I think we have as part of the 9-point plan, as part 
of the additional measures we have taken, we have taken a number 
of steps to enhance even further the general security of the unclas- 
sified computer networks. Again, as I think all of you know, that 
is not a technologically simple exercise to do. And I think Dr. 
Weigand may wish to comment on that, but I think we are putting 
major resources and major effort into the technology and the inter- 
actions necessary to accomplish that. 

The third piece of security at the laboratory involves personnel 
security. And this is a matter of basically having the people who 
work at the laboratory and national security be reliable and be 
trusted people. Now, that is not the job of the laboratory, that is 
the job of the Department of Energy to clear them at the proper 
level. But it is the job of the laboratory to basically have a counter- 
intelligence program which assesses threats, assesses interactions, 
and makes recommendations on how we can best both train the 
employees, train the system to sense vulnerabilities and to sense 
the threat, and the whole variety of issues that come under the 
word “counterintelligence.” 

I believe at our laboratory — and it has been put into the record 
in testimony not by people from the laboratory but by people from 
the Department — that we have an excellent, an outstanding at 
some levels, counterintelligence program. And I think in many re- 
spects, ensuring that that program is on a par with the best in the 
world is equally important to the physical and the cybersecurity. 
And I think we have spent a great deal of time in the two 
standdowns, security immersion things in training and educating 
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the people on a threat, on the vulnerabilities, which both because 
of technology and because of the evolving world general political 
structure, are very, very different than they were in 1985 or 1990; 
and that, I think, is why I believe the OSE inspections are a 
healthy thing. I think finding issues — an OSE team that could not 
find issues, I think wouldn’t be a good OSE team. The laboratory 
that did not have corrective action plans to respond to those would 
not be an appropriate thing. To have a clean perfect record is nei- 
ther testing us nor their system. 

So I believe that process is a healthy process. I think the tension 
is a healthy tension and I think we’re engaged in that process very 
well today. And when I made my comment about commitment, I 
think the commitment again is not this year, or other years, simply 
now to pass the bar but to pass the bar with a sufficient measure, 
a gap that in fact it will provide confidence in the Congress as well 
as in the Department that in fact the laboratory and its facilities 
are secure. Thank you very much Mr. Chairman. 

[The prepared statement of C. Bruce Tarter follows:] 

Prepared Statement of C. Bruce Tarter, Director, Lawrence Livermore 
National Laboratory, University of California 

OPENING REMARKS 

Mr. Chairman and members of the committee, I am the Director of the Lawrence 
Livermore National Laboratory (LLNL). Our Laboratory was founded in 1962 as a 
nuclear weapons laboratory, and national security continues to be our central mis- 
sion. Livermore is a principal participant in the Department of Energy’s Stockpile 
Stewardship Program, heavily involved in programs to prevent the proliferation of 
weapons of mass destruction, and engaged in energy, environmental, and bioscience 
R&D as well as industrial applications of our core technologies. 

Our National Security mission and safeguards and security are inextricably 
linked, and we take both of them very seriously at Livermore. We cannot carry out 
our National Security mission effectively without appropriate protection of classified 
and sensitive information and materials. Like National Security, safeguards and se- 
curity continues to evolve in terms of requirements and objectives. We have an ex- 
tensive security and counterintelligence infrastructure in place at our Laboratory, 
and we continually make adjustments and upgrades to address new threats and 
concerns. Through a process of internal self-assessments, technical consultants, and 
external reviews, we ensure our readiness to deal with a broad spectrum of threats. 
At Livermore, we believe our Special Nuclear Materials (SNM) and sensitive and 
classified information are secure. 

The review recently conducted by the Office of Security Evaluations (OSE) was 
helpful in identifying areas for improvement. The OSE concluded that in two key 
areas. Physical Security which deals with the technical systems that help protect 
Special Nuclear Material, and Classified Cyber Security, which deals with the pro- 
tection of our classified computing networks, the Laboratory received the highest 
possible rating. 

That is not to say we do not have work to do. Opportunities for improvement were 
noted in all areas of the OSE report, and the Laboratory is firmly committed to ad- 
dressing them. I would like to assure you that the concerns raised in the OSE report 
are receiving high priority, and resources are being made available by the Labora- 
tory to address them. 

We have invested heavily in enhanced employee training in security at Livermore. 
In April, we underwent an intensive two-day cyber security stand-down in which we 
addressed not only cyber security, but also conducted formal sessions on general se- 
curity requirements and counterintelligence. In June, in response to Secretary Rich- 
ardson’s 5-point Security Immersion Program, we ceased all normal operations for 
two additional days of security training. Our employees were fully engaged in these 
training programs, and have made many suggestions for further improving security. 

One concern raised by the OSE team had to do with the mixed Q and L clearance 
environment in the Limited Area of the Laboratory. In recent years, DOE’s goal has 
been to reduce the number of Q clearances. This has been accompanied by an in- 
crease in the number of individuals having an L clearance. These are individuals 
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who are allowed physical access to the Limited Area but who do not have access 
to weapons data. For the record, I would like to note that there are no foreign na- 
tionals at LLNL with an L clearance. Any LLNL foreign national visiting the Lim- 
ited Areas has always required an escort. Within the Limited Area, we rely largely 
on administrative controls to prohibit access to classified information by L-cleared 
personnel. We believe that, although well intended, the reduction in Q clearances 
has lessened security, and we would like to see funding made available for Q-clear- 
ances for all personnel requiring access to the Limited Area of the Laboratory. 

The Annual Report to the President on Safeguards and Security rated LLNL “Un- 
satisfactory” in the area of Materials Control and Accountability (MC&A) and “Mar- 
ginal” overall. More recently, the April/May OSE Inspection rated LLNL “Marginal” 
in this MC&A area. In a letter to Assistant Secretary Vic Reis dated May 14, 1999, 
I personally assured him that the Laboratory was committed to rectifying the rating 
in MC&A before the end of the calendar year. I would like to note that we are on 
schedule in our action plan, with most actions already complete. Similarly, in that 
same letter to Dr. Reis, I committed to funding and implementing the LLNL Tri- 
Lab INFOSEC Action Plan as approved by DOE. Again, many actions have already 
been completed and we continue to be on schedule. I note these formal commitments 
in that they also address some of the concerns raised in the OSE evaluation. 

The OSE team was careful to note in their report major improvements made in 
the Safeguards and Security program to address past concerns, and these improve- 
ments are continuing. There have been important technical upgrades to the Perim- 
eter Intrusion Detection and Alarm System (PIDAS) that surrounds our Superblock, 
which contains our Plutonium facility, to provide early detection of both airborne 
and bridging attacks. We have recruited and put in place an offensively trained Spe- 
cial Response Team having the training necessary to implement a recovery or recap- 
ture action. One hundred percent searches are conducted at material access area 
portals in the Plutonium Facility. Over 100 simulations of adversary attacks have 
been completed, and we are continuing to refine our simulation methodology, attack 
scenarios, and defensive strategies. We have engaged an external advisory group of 
very senior former military and FBI experts to advise us in this work. Since the 
completion of the OSE SE we have committed additional officers to the Superblock 
and taken other compensatory measures to assure the security of our SNM assets. 

Other improvements noted in the OSE report include the installation of an intru- 
sion detection system in a building inside the Limited Area used for the storage of 
classified non-SNM weapons parts. Alarm systems are now in design for two other 
facilities in the Limited Area. Foreign Ownership, Control or Influence (FOCI) re- 
views of all contractors have been completed. A baseline inventory of plutonium has 
been completed, and improved procedures to ensure effective and timely accounting 
for any inventory differences have been put in place. 

In the area of cyber security, we have already implemented many elements of the 
Tri-Lab Committee’s “nine point plan.” For example, steps have been taken to en- 
sure the physical incompatibility of removable media between classified and nearby 
unclassified computer systems. Scanning of outgoing e-mail has been instituted, and 
funding has been committed for implementation of a multi-level system that will 
separate sensitive unclassified computer processing from the remainder of unclassi- 
fied processing. The frequency of vulnerability scans of network computers is being 
increased, and unclassified archives are being scanned for classified content. To date 
over 4 million files have been scanned, and no classified content has been found. 
Procedures for authorizing access to unclassified computers by foreign nationals 
have been tightened, and today no foreign nationals have access to Livermore un- 
classified computer networks without having gone through an indices check and 
having a formal computer security plan approved by the Laboratory. All dial-up ac- 
cess by foreign nationals is routed through a common terminal server which has 
special intrusion detection software. 

In summary, safeguards and security go hand in hand with our National Security 
mission at Livermore. We are committed to an excellent safeguards and security 
program, and have been taking, and will continue to take, the steps necessary to 
achieve it. 


PHYSICAL SECURITY AT LIVERMORE 

Livermore’s security construct is based on a series of defensive layers — a graded 
approach that provides increasing barriers that correspond to the increasing value 
of critical Laboratory assets. 

Clearances, badging, and background checks on Laboratory employees (including 
subcontractors) constitute a first line of defense. Those people with access to classi- 
fied assets undergo background investigations associated with DOE Q, L or sen- 
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sitive compartmented information (SCI) clearances as appropriate. Reinvestigations 
are scheduled automatically at five-year intervals or as needed on a for-cause basis. 

Livermore uses a defense-in-depth approach to physical barriers — fences, doors, 
repositories, and vaults. The Laboratory’s outer perimeter fence provides the basic 
physical protection to U.S. government property. Additional protection is provided 
for “limited” areas where classified assets are present. The level of clearance re- 
quired to freely transit these areas is also higher. Classified parts and materials are 
provided additional physical protection and access control. Significant quantities of 
special nuclear material receive the highest level of protection, with vault-like phys- 
ical protection as well as aggressive armed defense and response capabilities. 

At each physical barrier (e.g., fence, building, vault), there are various levels of 
access control. Access control is performed either by security officers or automated 
security access portals. At more restricted areas, access is checked against specific 
access lists. Need-to-know is required, in addition to the appropriate clearance, be- 
fore an individual is allowed access to classified assets. 

The Laboratory employs security officers who are fully trained and accredited to 
meet DOE criteria. The level of training varies with the assignment (defensive, of- 
fensive, or special response). We currently have over 40 offensively trained officers 
in our Special Response Team and have a new group beginning academy training 
next month. Training is extensive and performance based. The security force under- 
goes regular performance tests, self-assessments, DOE surveillance, and inspections. 

Physical security is designed into new facilities and facility modifications. Detec- 
tion systems are continuously monitored and routinely tested. The Laboratory’s se- 
curity system is prepared for armed response to all unauthorized intrusions. 

In the Annual Report to the President on Safeguards and Security we received 
a “Marginal” rating overall but, an “Unsatisfactory” rating in MC&A. The issue in- 
volved our inability to meet SNM inventory requirements at a time when the Pluto- 
nium Eacility was shut down to address safety concerns, preventing monitoring and 
measurements. Now that safety concerns have been addressed and the facility re- 
opened, we have resumed all special nuclear material measurements and inventory 
monitoring and we believe we will be in compliance with DOE requirements. 

We have high confidence in our Safeguards and Security programs and in the se- 
curity of our critical assets. We have implemented technical and procedural en- 
hancements to strengthen our physical security, remedied material control and ac- 
counting deficiencies, and fully upgraded our strategy to protect nuclear material at 
our Laboratory. 


CYBER SECURITY AT LIVERMORE 

Cyber or computer security is a critical element of Livermore’s overall security 
construct. The Laboratory has both classified computer networks and unclassified 
computer networks. The two are separate and are not connected. We also have nu- 
merous stand-alone computer systems and local area networks in both classified and 
unclassified areas. There are no connections from Livermore’s classified computers 
to the outside world except through NSA-approved encryption. 

In addition to physical barriers between the unclassified and classified computing 
environments at Livermore, there are need-to-know barriers within the classified 
computer systems. Access to a classified computing network does not grant users 
access to all the information in that network. The same need-to-know requirements 
that apply to verbally communicated information and documents also apply to com- 
puter-stored information. 

Recent concerns about espionage involving computer-based information and codes 
spurred a thorough reassessment of computer security at our Laboratory, including 
threat awareness and training. We support the Secretary of Energy’s cyber security 
initiative and are contributing to his INFOSEC planning. 

On April 2, 1999, the Secretary of Energy called for a stand-down of all classified 
computing at the three DOE national security laboratories. At Livermore, we went 
even further and shut down all classified computing, all co-located unclassified com- 
puting, and all unclassified supercomputing. The stand-down was the first step of 
a Tri-Lab INFOSEC Action Plan that has been developed and approved by Sec- 
retary Richardson. The plan consists of nine action items with specific scheduled 
milestones. We have met all milestones to date. We will continue working with the 
DOE Office of Chief Information Officer (CIO) to fully implement the Tri-Lab 
INFOSEC Action Plan and further enhance cyber security at the Laboratory. 

In addition, on June 21-22, we conducted a two-day-long Security Immersion Pro- 
gram at Livermore to accelerate the security initiatives launched by Secretary Rich- 
ardson in April. Supervisors were instructed to ensure that all Laboratory employ- 
ees complete the program, which was directed toward five objectives identified by 
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the Secretary to strengthen security at the laboratories, assessing security issues in 
individual work areas, and appl3dng what has been learned to each individual’s 
workplace. 

We have taken dramatic steps to focus the attention of all Laboratory employees 
on the threat of foreign intelligence sources as related to cyber security. All employ- 
ees (including those who do not normally use computers but could have need or ac- 
cess in the future) received special computer security training. We also trained sub- 
contractor employees and consultants. All computing was discontinued until train- 
ing was complete for all employees on site. Employees who were on travel or leave 
were trained immediately upon their return. In addition, we have since expanded 
our on-going computer security training and threat awareness training for all Lab- 
oratory personnel using classified computers. This training is unclassified and acces- 
sible via a website to make it readily available to our employees and easy to update. 

Every computer work area and environment at Livermore was evaluated and 
changes were made as necessary to ensure that LLNL classified and sensitive com- 
puting meet the highest standards of information security. In particular: 

• We have also taken measures to preclude the transfer of information from classi- 

fied to unclassified computers in a single work area by the use of removable 
media. 

• We have instituted two-person controls over the authorized transfer of unclassi- 

fied information from classified computers to unclassified computers. 

• Until a more permanent security fix is in place, since April 2, 1999, we have tem- 

porarily disabled the file interchange system on the classified supercomputer so 
that it is impossible to transfer files from the classified supercomputers or the 
archives to an unclassified computer. 

• We also have begun to scan outgoing presumably unclassified e-mail as well as 

computer files for possible sensitive or classified information. To date, we have 
scanned over 4 million files in our effort to ensure there is no classified material 
in unclassified computer files. No issues have arisen. 

• We have strong need-to-know controls on our classified network; yet we are inves- 

tigating ways to provide an even greater level of protection. We are also study- 
ing how to apply these same concepts to the unclassified systems to provide bet- 
ter protection to unclassified sensitive information. 

In addition, I have also created a Computer Security Policy Board comprised of sen- 
ior managers to both develop policies and advise me on matters related to unclassi- 
fied computer security. (Classified computer security policy is defined by DOE Or- 
ders.) 

On our unclassified computing network, we are improving the way we protect un- 
classified sensitive information. Some information must be available worldwide, but 
other information must be protected for privacy, proprietary, or export control rea- 
sons. We are implementing additional “firewalls” within our unclassified network to 
separate fully accessible information from unclassified sensitive information. For 
several years, Livermore has had an ongoing program to annually scan/audit a sub- 
set of its unclassified computer systems for security vulnerabilities. We have ex- 
panded this policy so that now all unclassified computer systems must be scanned 
at least once a year and that appropriate correction/fixes to detect vulnerabilities 
must be undertaken immediately. 

The Laboratory has long had a policy of monitoring users accessing our computer 
resources via the Internet. We have now expanded our monitoring to cover all dial 
in access to Livermore computers. Any Foreign Nationals (FNs) with dial-in capa- 
bilities are monitored. Additionally, any FN granted access to unclassified computer 
resources must first have a programmatic justification of need by the sponsoring 
Laboratory program and an approved security plan on record for each FN. The Lab- 
oratory required that all FNs with access to computer resources had to be recertified 
by June 3(3, 1999. No one was “grandfathered” in under our process and those not 
recertified are being denied access to the computer resources. Certification refers to 
having a programmatic justification and a security plan in place. Livermore will re- 
quire that all FNs granted access to Laboratory computer resources must be proc- 
essed through the Foreign Visits and Assignments Office. This will ensure that any 
FN with access to Laboratory computer resources will have met the necessary cri- 
teria and that their access to computer resources is being monitored. 

Finally, our Laboratory is working with personnel at Sandia, Los Alamos, and 
DOE to develop a “best in practice” plan for cyber security. So far, we have com- 
pleted a benchmarking of several organizations inside and outside of the govern- 
ment to determine what others are doing to protect information from both outsiders 
and insiders. This planning activity has an oversight board that is currently being 
staffed with cyber security professionals from industry along with the CIOs from the 
three laboratories. 
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Our approach to cyber security goes beyond addressing vulnerabilities or problems 
that we identify or that are brought to our attention. We are using this cyber secu- 
rity upgrade as an opportunity to apply our multi-disciplinary approach to science 
and technology to become a model for cyber security. Leading-edge cyber security 
is vital to our programmatic missions and is an area where we can leverage our ex- 
pertise to enhance national security in the broadest sense. 

CLOSING REMARKS 

Accomplishing our national security mission requires outstanding science and 
technology. Simultaneously, we must ensure that the application of that science and 
technology to national security is protected at all levels. We have long recognized 
the inherent challenge involved in protecting national security information while 
fostering the interchange of ideas required for cutting-edge science and technology. 
Indeed, to a considerable degree, the nation’s security rests on the technological ad- 
vances that arise from the world-class R&D conducted at Livermore and the other 
national security laboratories. 

A multi-faceted security apparatus is in place at our Laboratory, including phys- 
ical security, operational security, personnel security, information security, commu- 
nications security, cyber security, counterintelligence, and employee security aware- 
ness. We continually make adjustments and upgrades to address new threats and 
concerns. We take strong positive action on security and counterintelligence issues, 
whether they are anticipated or identified by us or others, or are brought to our at- 
tention in the form of executive or departmental orders or inspections. Proactive and 
effective security and counterintelligence allows us to meet the challenge of ensuring 
national security while operating in a global world.The recent evaluation conducted 
by OSE noted many improvements to LLNL’s security system while identifying 
areas for further improvement. We have prepared an aggressive corrective action 
plan that, technology permitting, will resolve any issues by the end of the year. I 
have committed the resources and established the priority to ensure that this plan 
is executed. Corrective actions have already been taken on many issues and, as ap- 
propriate, compensatory actions are in place. I am confident that at LLNL, our Spe- 
cial Nuclear Material and sensitive and classified information are secure. 

Mr. Upton. Thank you. Dr. Weigand, would you like to com- 
ment? 


STATEMENT OF GIL WEIGAND 

Mr. Weigand. I will make a set of very brief comments. I would 
like to give you the opportunity to ask me any questions that you 
would like. 

Good morning, Mr. Chairman, and subcommittee members. I am 
Dr. Gil Weigand. I am the Deputy Assistant Secretary for Research 
Development Simulation and Defense Programs. That is a slightly 
different title than you utilized. We are in the process of reorga- 
nization, as you are well aware, trying to define line management 
a little bit better, and two organizations have been combined and 
now I am responsible. I have been in this position for 8 months and 
this position is responsible for the laboratories. 

I was put in this position because I bring to that position indus- 
try and DOD program management experience. As I indicated in 
the July 1 testimony to the subcommittee. Defense Programs recog- 
nizes that our job is to fix the problems. We a^ee substantially 
with the issues identified by Mr. Podonsky and his team and have 
taken both immediate and interim actions to address their con- 
cerns. I want to point out that since taking this position in this 
area that involves Livermore and the security, I have put in place 
no less than four corrective action plans. And those corrective ac- 
tion plans have milestones that have weekly or monthly obligations 
by the laboratory, and to date the laboratory has not missed a sin- 
gle one of them. 



18 


I also, when finding out the results from Mr. Podonsky, before 
he even left the site we were in the process of doing what I call 
a path forward plan, which was an immediate layout of the plan 
that ultimately became part of the broader planning for corrective 
action on this in the area of special nuclear materials. It is ex- 
tremely important that we protect those materials, but it is also ex- 
tremely important that I have those facilities available and open to 
me, since I am equally responsible now for the facilities and for the 
conduct of the research and development at the laboratories. A 
draft of that plan, by the way, has been reviewed by Mr. 
Podonsky’s team and we have incorporated their comments. 

As a result of the cybersecurity concerns, we directed the forma- 
tion of a cybersecurity integrated security management plan. The 
first step is the development of a plan by August 1 which will cre- 
ate the most aggressive, across-the-board advance in cybersecurity 
at the labs. Not on my account. That will not be me that is basi- 
cally saying that, but by the account of some of the Nation’s fore- 
most experts in cybersecurity. 

The management team is headed by Bill Crowell, former deputy 
director of NSA. Last the Department, at the direction of Secretary 
Moniz, have taken parts of the corrective action plans that we have 
created and incorporated those into the Department’s goalposts 
plan which will result in a green designation for safeguards and se- 
curity at LLNL, the Livermore labs, by the end of the year. 

As you recall, Mr. Chairman, Bill Hensley and I briefed you in 
the last hearing on some of those actions and we will be happy to 
more extensively amplify on those in the closed session. The de- 
tailed are classified. 

Since the July 1 hearing, the corrective action plan has been fi- 
nalized, with specific milestones assuring the concerns identified by 
Mr. Podonsky are appropriately addressed by the end of the cal- 
endar year. Since I now have a completed and corrective action 
plan, I intend to also implement some measures by which there is 
accountability. And I intend to hold both Federal managers ac- 
countable and laboratory managers accountable. 

In addition to that, I have directed that there be the creation of 
a tracking system to specifically track each issue as corrective ac- 
tions and associated milestones are completed or not completed. 
Mr. Hensley, who directs our security office at Defense Programs, 
has created three viewgraphs that we will take up with you in later 
session. They are very brief, but we wanted to give you a status 
of where we stand. 

Thank you very much for the opportunity to provide you with an- 
other update on the progress of security, and I am available for 
questions. 

[The prepared statement of Gil Weigand follows:] 

Prepared Statement of Gil Weigand, Deputy Assistant Secretary for Re- 
search, Development and Simulation at Defense Programs, Department of 

Energy 

Good morning Mr. Chairman and Subcommittee Members: I am Dr. Gil Weigand, 
I am the Deputy Assistant Secretary for Research, Development and Simulation at 
Defense Programs. I have been in this current position for about 8 months. I was 
put in this position because I would bring to this position industry and DoD pro- 
gram management experience. 
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As I indicated during the July 1, 1999 testimony to the Subcommittee, Defense 
Programs (DP) recognizes that our job is “TO FIX THE PROBLEMS.” We agree sub- 
stantially with the issues identified by Mr. Podonsky and his team and have both 
immediate and interim actions to address their concerns. I have directed that a cor- 
rective action plan in general for safeguards and a path-forward plan specifically for 
the special nuclear material areas be developed which addresses each of the con- 
cerns in Mr. Podonsky team’s findings. A draft of that plan has been reviewed by 
Mr. Podonsky’s team and we have incorporated their comments. Eurthermore, as a 
result of cyber-security concerns, I directed the formation of a cyber-security inte- 
grated security management plan. The first step is the development of a plan by 
August 1 which will create the most aggressive across the board advance in cyber- 
security at the labs, not by my account, but by the account of some of the nations 
foremost experts in cybersecurity. The management team is headed by Bill Crowell, 
former Deputy Director of NSA. Lastly, the department under the direction of Un- 
dersecretary Moniz we have created plans, the Department’s Goal Posts Plan, which 
will result in a “green” designation for safeguards and security at LLNL by the end 
of the year. As you will recall, Mr. Hensley and I briefed you during the last Hear- 
ing on some of those actions. 

Since the July 1, 1999 Hearing, the corrective action plan has been finalized with 
specific milestones for assuring the concerns identified by Mr. Podonsky are appro- 
priately addressed by the end of the calendar year. A tracking system is being devel- 
oped to specifically track each issue, its corrective action(s), and associated mile- 
stones. 

Mr. Hensley who directs the security office at Defense Programs will conclude our 
time here by providing you with a three slide summary of the corrective action 
plan’s status. We will provide for the record the classified detailed corrective action 
briefing. 

Thank you very much for the opportunity to provide you with another update on 
our progress in security. Mr. Hensley please provide the committee with you status 
report. 

Mr. Upton. Thank you. Dr. Turner, do you have something you 
would like to add? 

STATEMENT OF JAMES TURNER 

Mr. Turner. Yes, sir, I do. I appreciate the opportunity to be 
here. I would like to start with some summary statements and 
then step back from that to give you a quick overview of our role 
as a field element. 

First of all, back in April, Bruce and I, along with some others, 
were involved in a video teleconference with the Secretary. At that 
time I gave him my personal assurance that we would do every- 
thing that was necessary to correct the items that were found in 
the 1998 Report to the President, as well as the things that Glenn’s 
team came up with. 

I saw the Secretary last week at an event and personally reiter- 
ated my assurance. I spent part of last week going over the issues 
regarding storage of classified parts. We were briefed on the up- 
grades to the alarm system that was being put in place, as well as 
continuously tracking the corrective action plan. All the items are 
on track in that corrective action plan. They are being completed 
on time. And I think this represents a commitment from all of us 
at the table to make that happen. 

That being said, let me step back for a moment and talk about 
our role and responsibility as a field element and the team that we 
have here today. First of all, we’re the contracting officer for Law- 
rence Livermore National Laboratory. In conjunction with head- 
quarters, we set expectations for the laboratory in a number of 
areas, including security, and we assess their performance annu- 
ally. We also provide Federal oversight, and in that role we have 
the line management function in safety and security at the lab. We 
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provide assurance to headquarters that not only are the provisions 
of the contract being met, but also DOE policy objectives are being 
met by the laboratory. 

In the implementation of that security role, we develop an an- 
nual a site safeguards and security plan which provides a protec- 
tion strategy for the laboratory as well as specific performance 
measures in the contract on which the laboratory is graded. We 
have an onsite presence which means that on a daily basis people 
are walking through the facilities, checking things and looking at 
how things are being done to understand what the laboratory is 
doing. And, on occasion when it is necessary, there are findings and 
concerns that are developed out of that but it also provides us a 
direct way to track and validate that corrective actions are in fact 
being done. 

There is an annual survey report which summaries of these daily 
operational awareness activities. The report goes into the contract 
assessment as well as inputs provided to headquarters. We, in 
turn, are overseen by headquarters. Defense programs is our boss 
for everything that goes on at Livermore. That is very clear to us. 
We have a management agreement that has been signed with Gil 
Weigand, and there is also another document that has been signed 
which has been presented to Vic Reis for signature that spells out 
roles and responsibilities for our office and defense programs. 

We also appreciate the input from the Office of Security Evalua- 
tions, Glenn’s office, because they provide us with increased con- 
fidence in what we’re doing and what we’re finding. They also 
share with us their experience from other parts of the complex. 
They see the whole picture while we only see a part of it, and it 
is best practices that we can incorporate. 

We have reported on some progress at the July 1 briefing. Since 
then, there has been additional progress. Glenn talked about the 
progress that’s been made in the protection strategy for 
Superblock. Also, the laboratory has completed the second of three 
bimonthly inventories for materials control and accountability. We 
wanted them to complete three before we would go back and look 
at our evaluation. They are also upgrading the alarm systems for 
the storage of classified parts. 

As far as my role is concerned, I am a physicist. I have been at 
Oakland for 5 years. I have been the manager there for 4 years. 
Prior to going to Oakland, I was the director of the Defense Pro- 
grams Office of Nuclear Weapons Security, and in that capacity I 
had the responsibility for safety, security and use control. So for 
me, it is more than an intellectual exercise, it is something that I 
feel, something I live and something I sincerely believe. 

I am out at Livermore at least 1 day a week. We have weekly 
meetings with our site manager where we talk about what is his 
assessment of how we’re moving on the corrective action plan. I 
meet once a week with Livermore senior management and we dis- 
cuss security — an item on that agenda is always the corrective ac- 
tion plan. 

Again, speaking for the office, I will give my personal assurance 
to the Secretary as well as provide it to you, that we will do the 
things that are necessary to get the lab green or satisfactory by the 
end of the year. 
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I would also like to take the opportunity to introduce the mem- 
bers of our team that are here today. First of all, Marty Domagala, 
our Deputy Manager is here. He led the team that came back for 
the July 1 briefing. Jim Hirahara, our Assistant Manager for Oper- 
ations and Safe Management. One of his responsibilities is the Uni- 
versity of California contract. I understand there were some ques- 
tions that came up the last time about that. And also Rich 
Mortensen, our Director of Safeguards Security. With that, I am 
happy to answer any questions that you may have. 

Mr. Upton. Terrific. Having completed our witnesses’ public 
statements, the Chair will recognize himself for a unanimous con- 
sent request and to offer a motion. 

Mr. Stupak. Mr. Chairman, before we do that, I hate to inter- 
rupt you, but Dr. Weigand and Dr. Turner both had statements be- 
fore them. We never received copies of those. Could we get copies 
of those statements I would like to look at the in the future? 

Mr. Weigand. Absolutely. I was not asked to provide — and I 
apologize for not thinking forward on that. 

Mr. Turner. I was under the understanding that an oral state- 
ment — ^but we will certainly provide. 

Mr. Upton. Terrific. Thank you. Without objection, staff of the 
majority — my motion is this: Without objection, staff of the major- 
ity and minority parties may be recognized to question witnesses 
for equal 30 minute blocks pursuant to clause 2(j) of rule XI of the 
Rules of the House. Is there objection? Hearing none. 

Mr. Barton. Mr. Chairman? 

Mr. Upton. The gentleman is recognized. 

Mr. Barton. You want the staff to question the witnesses in this 
hearing or later on? 

Mr. Upton. Later on. It will be part of the hearing. 

Hearing none, so ordered. 

Further, the Chair moves that pursuant to clause 2(g) of Rule XI, 
the Rules of the House, the remainder of this hearing to conducted 
in executive session to protect information that might endanger na- 
tional security. Is there discussion on the motion? If there is no dis- 
cussion, pursuant to the rule, a recorded vote is ordered. 

All in favor of moving to executive session will indicate by saying 
aye. 

Opposed, say nay. 

The Clerk will call the roll. 

The Clerk. Mr. Barton. 

Mr. Barton. Yes. 

The Clerk. Mr. Barton votes aye. 

Mr. Cox. 

[No response.] 

The Clerk. Mr. Burr. 

Mr. Burr. Aye. 

The Clerk. Mr. Burr votes aye. 

Mr. Bilbray. 

Mr. Bilbray. Aye. 

The Clerk. Mr. Bilbray votes aye. 

Mr. Whitfield. 

[No response.] 

The Clerk. Mr. Ganske. 
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Mr. Ganske. Aye. 

The Clerk. Mr. Ganske votes aye. 

Mr. Blunt. 

[No response.] 

The Clerk. Mr. Bryant. 

Mr. Bryant. Aye. 

The Clerk. Mr. Bryant votes aye. 

Mr. Bliley. 

[No response.] 

The Clerk. Mr. Klink. 

Mr. Klink. Aye. 

The Clerk. Mr. Klink votes aye. 

Mr. Waxman. 

[No response.] 

The Clerk. Mr. Stupak. 

Mr. Stupak. No. 

The Clerk. Mr. Stupak votes no. 

Mr. Green. 

[No response.] 

The Clerk. Ms. McCarthy. 

Ms. McCarthy. Aye. 

The Clerk. Ms. McCarthy votes aye. 

Mr. Strickland. 

Mr. Strickland. No. 

The Clerk. Mr. Strickland votes no. 

Ms. DeCette. 

Ms. DeCette. Aye. 

The Clerk. Ms. DeCette votes aye. 

Mr. Dingell. 

[No response.] 

The Clerk. Mr. Upton. 

Mr. Upton. Aye. 

The Clerk. Mr. Upton votes aye. 

Mr. Upton. The Clerk will report the result. 

The Clerk. Mr. Chairman, on that vote there were 9 ayes, 2 
noes. 

Mr. Upton. Members having voted in the affirmative and a 
quorum being present, the motion is agreed to. Accordingly, the 
Chair declares the subcommittee in recess subject to the call of the 
Chair, pending which all members, staff, witnesses, and guests will 
leave the room. 

The Capitol Police at this point will secure the room and I would 
note that we will come back at 11:05 for members that are going 
to be able to come back. 

[Whereupon, at 10:45 a.m., the subcommittee recessed. To recon- 
vene at 11:05 a.m. executive session.] 



